IT Security - Risk Analyst
Makati, Philippines
**About Citco**
Citco is a global leader in fund services, corporate governance and related asset services with staff across 80 offices worldwide.
With more than $1 trillion in assets under administration, we deliver end-to-end solutions and exceptional service to meet our clients' needs.
**About the Team & Business Line**:
Proprietary software solutions and innovation are at the core of what differentiates Citco in the alternative investment space.
Through our network of global development centres, Citco invests heavily in technology development, security, and infrastructure to ensure our clients continue to receive award-winning products that underpin our commitment to service excellence.
As a core member of our Data Services IT team, you will work with dedicated professionals to ensure our clients maintain access to their critical information assets while keeping Citco ahead of industry trends.
**About the Role**:
**Your** **Role**:
IT Security is responsible for overseeing Citco's Information Security Management System and program.
As part of IT Security, you will be responsible for performing IT Security governance, risk and compliance projects with the following accountabilities outlined below.
- Report to the IT Security Governance, Risk, and Compliance (GRC) Risk Team Senior Analyst and
Manager.
Cultivate and maintain excellent relationships with management and staff within the organization, internal and external auditors and security colleagues.
- Perform risk and controls maturity assessments on various systems and processes, ISO 27001/2 audits and service provider due diligence reviews.
- Help maintain compliance with ISO 27001/2 standard and other security frameworks or guidelines.
- Liaise and work closely with the IT Security Senior Analysts and your Manager, as well as with other key individuals responsible on related operational effectiveness testing work including business and IT representatives across various offices, locations and time zones.
- Document results of the risk assessments and review the work of other staff members, as necessary.
- Create reports and present results of the risk assessments and audits to Senior Management, as necessary.
- Work collaboratively with Audit, Operations and Risk Management to remediate new and outstanding issues; manage security-related issues in risk and audit databases.
- Assist with our security metrics program and other miscellaneous duties.
- Help establish and maintain the organization's security risk management program.
- Maintain expertise on security trends through training, research and development in order to mitigate potential security exposures.
- Train other staff members and other stakeholders, as necessary.
**About You**:
- You must possess at least a Bachelor's/College Degree in Computer Science/Information Technology or equivalent
- Have five or more years working in governance, risk and compliance; leading audit and risk assessment projects; and performing risk analysis and compliance remediation.
- With three or more years of experience in developing solutions using ISO 27001/2 and COBIT guidelines.
- Understanding of Basel II, SAS70, and SOC I & II requirements and other best practices a plus
- With CISA certifications
- Other security certifications such as ISO 27001 Lead Auditor certification, CRISC, CISSP, CISM and other audit-, risk
- and security-related certifications a plus
- With good foundation on IT security and IT-related topics
- Working knowledge of Protiviti, Prevalent platform, Team Central, JIRA and Confluence a plus
- Working knowledge on third party risk assessments a plus
- Key competencies and characteristics:
- Work independently with or without direction and or supervision.
- Proactive with good project management and organizational skills.
- Strong negotiation and influencing skills.
- Confident personality with ability to communicate clearly and succinctly.
- Reliable and prepared to undertake international travel, if needed.
- Portray professional demeanor.
- Accept responsibility and personal accountability.
- Demonstrate flexibility and adaptability in approach to work.
- Demonstrate use of professional judgment on the job.
- Demonstrate effective teamwork and working relationships with others, both from Citco and external clients.
- Demonstrate a self-directed approach to learning new technologies in the field; pursue professional development
- Ability to effectively manage multiple concurrent projects/tasks with high attention to detail
**Our Benefits**
Your well-being is of paramount importance to us, and central to our success.
We provide a range of benefits, training and education support, and flexible working arrangements to help you achieve success in your career while balancing personal needs.
Ask us about specific benefits in your location.
We recognize diversity as a source of organizational pride and strength.
We have made i